Lucene search
+L

149 matches found

ptsecurity
ptsecurity
added 2024/03/27 12:0 a.m.4 views

PT-2024-23031 · Unknown · Podlove Web Player

Name of the Vulnerable Software and Affected Versions: Podlove Web Player versions through 5.7.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. Recommendations: For versions through 5.7.1,...

6.5CVSS9.2AI score0.00331EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/03/27 12:0 a.m.8 views

WordPress Plugin Podlove Web Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.5CVSS7AI score0.00331EPSS
Exploits0References2
patchstack
patchstack
added 2024/03/25 12:0 a.m.9 views

WordPress Podlove Web Player Plugin <= 5.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Podlove Web Player Type Plugin Vulnerable versions = 5.7.1 Fixed in 5.7.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29788 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b470ae958d72 Credits Ngô Thiên An ancorn from VNPT-VCI...

6.5CVSS6.9AI score0.00331EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2024/03/19 12:0 a.m.6 views

The vulnerability of the Podlove Web Player plugin in the WordPress content management system, related to deficiencies in the authentication process, allows attackers to compromise the integrity and confidentiality of protected information.

The vulnerability of the Podlove Web Player plugin in the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise the integrity and confidentiality of the protected information...

6.5CVSS6.6AI score
Exploits0References4Affected Software1
prion
prion
added 2024/03/07 2:15 p.m.20 views

Authorization

Missing Authorization vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3...

5CVSS7.2AI score
Exploits0References1
cve
cve
added 2024/03/07 1:30 p.m.130 views

CVE-2023-47691

CVE-2023-47691 is rejected and not an active vulnerability entry.

5.3AI score
Exploits0
wpvulndb
wpvulndb
added 2023/11/23 12:0 a.m.22 views

Podlove Web Player <= 5.7.3 - Missing Authorization

Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...

8.5AI score
Exploits0References1
ptsecurity
ptsecurity
added 2023/11/09 12:0 a.m.6 views

PT-2023-8830 · WordPress · Podlove Web Player

Name of the Vulnerable Software and Affected Versions: Podlove Web Player versions through 5.7.3 Description: The issue is related to insufficient authorization procedures in the Podlove Web Player plugin for WordPress, allowing a remote attacker to impact the integrity and confidentiality of...

6.4CVSS5.8AI score
Exploits0References7
osv
osv
added 2022/09/20 7:15 p.m.4 views

CVE-2022-30579

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery SSRF on the affect...

8.4CVSS5.9AI score0.00481EPSS
Exploits0References2
nvd
nvd
added 2022/09/20 7:15 p.m.18 views

CVE-2022-30579

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery SSRF on the affect...

8.4CVSS0.00481EPSS
Exploits0References2
osv
osv
added 2022/06/20 8:20 p.m.3 views

MAL-2022-2539 Malicious code in dm-podcast-web-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93a32eabcd198d5747f7b110d2f42aec6128f554bad7370bcfb169f39c07e5e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
cvelist
cvelist
added 2019/12/17 8:55 p.m.30 views

CVE-2019-17336 TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources

The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data...

7.7CVSS6.7AI score0.00883EPSS
Exploits0References2
nvd
nvd
added 2019/07/29 4:15 p.m.12 views

CVE-2015-9288

The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials...

6.5CVSS6.4AI score0.00875EPSS
Exploits0References1
prion
prion
added 2019/07/29 4:15 p.m.21 views

Command injection

The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials...

4CVSS7AI score0.00875EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/07/29 3:28 p.m.21 views

CVE-2015-9288

The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials...

6.3AI score0.00875EPSS
Exploits0References1
cve
cve
added 2019/07/29 3:28 p.m.48 views

CVE-2015-9288

CVE-2015-9288 affects the Unity Web Player plugin. Affected versions include the plugin prior to 4.6.6f2 and 5.x prior to 5.0.3f2. The vulnerability allows attackers to read messages or access online services using a victim’s credentials, implying credential-access leakage via the plugin. Connect...

6.5CVSS6.3AI score0.00875EPSS
Exploits0References1Affected Software1
prion
prion
added 2018/07/24 3:29 p.m.15 views

Sql injection

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit laten...

7.5CVSS9.6AI score0.01713EPSS
Exploits0References2Affected Software5
nvd
nvd
added 2018/07/24 3:29 p.m.17 views

CVE-2017-3181

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit laten...

9.8CVSS9.8AI score0.01713EPSS
Exploits0References2
osv
osv
added 2018/06/27 4:29 p.m.6 views

CVE-2018-5435

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple...

9.8CVSS6AI score0.03243EPSS
Exploits0References2
hackerone
hackerone
added 2015/09/13 1:8 p.m.38 views

X (Formerly Twitter): Multiple DOMXSS on Amplify Web Player

Hi, I would like to report multiple DOMXSS issues on https://amp.twimg.com/amplify-web-player/prod/source.html. Details: Please use latest IE to open all the PoCs because of CSP 1. $.get sink javascript define"data/playlist/withjsonloader", "require", "flight/lib/compose",...

6.3AI score
Exploits0
Rows per page
Query Builder